The Indian government has issued a major directive that could change the way millions of people use popular messaging apps like WhatsApp, Telegram, Signal, Snapchat, ShareChat, JioChat, Aratai and Josh. The Department of Telecommunications (DoT) has asked these platforms to make it impossible for users to access their services without an active SIM card in their devices. The order is part of India’s new Telecom Cyber ​​Security Amendment Rules, 2025, which places app-based communications services under telecom-style regulation for the first time.

Under the new rule, these apps, officially classified as Telecommunication Identifier User Entities (TIUEs), will have to ensure that SIM cards are continuously linked to their services within 90 days. For users logging in through web browsers, DoT has made another major change: the platforms will have to log out users every six hours and require re-authentication via QR code. The government claims this will make it harder for criminals to exploit apps remotely, as every session must now be tied to an active, verified SIM.

Reason behind this move

According to DoT, the move aims to close a major loophole in the way communication apps verify their users. Currently, most services authenticate the user’s mobile number only once at the time of installation, after which the app continues to work even if the SIM is removed or deactivated. “The binding process between a customer’s app-based communication services and their SIM card occurs only once during installation, after which the application continues to function independently,” the Cellular Operators Association of India (COAI) said in comments reported by Medianama.

This creates opportunities for abuse. Cyber ​​criminals, often operating from outside India, can continue to use these apps even after switching or deactivating the SIM, making it almost impossible to trace fraudulent activity through call records, location logs or carrier data. COAI said consistent SIM binding will “maintain critical traceability between user, number and device”, adding that it can “help reduce spam and fraudulent communications” and curb financial scams through messaging platforms.

Similar safeguards are already in place in areas such as digital payments. Banking and UPI apps enforce strict SIM verification to prevent unauthorized access, while the Securities and Exchange Board of India (SEBI) has also proposed linking trading accounts to SIM cards and using facial recognition for added security.

What do the experts say?

While some experts argue that SIM binding can help prevent fraud by ensuring traceability between users and their devices, others disagree. Cybersecurity experts told MediaNama that scammers can easily circumvent such measures by offering only “limited benefits” by using fake or borrowed IDs to obtain new SIM cards. On the other hand, telecom industry representatives say mobile numbers are India’s most trusted digital identifiers and believe the move will help “squeeze more juice” from the existing verification system to strengthen cyber security and accountability.

The big question now is whether platforms like WhatsApp and Telegram can implement such measures without compromising user experience or privacy. For millions of users, this could mean losing the ability to stay logged in to a web browser, or being locked out of their favorite apps if their SIM becomes deactivated.